DATASAFETY

Privacy Policy

PRIVACY POLICY

Dear Sir/Madam!
On www.parittyahaz.hu you can find an online booking system for the Parittyahouse (6341 Homokmégy, Alsómégy szállás 72.)
In the following, as the Data Controller, I will inform you in detail about the personal data I process on the website, my principles and practices regarding the processing of personal data, my organisational and technical measures for the protection of personal data, as well as the ways and means of exercising the rights of the data subjects.
I inform you that I will treat the personal data collected confidentially, in accordance with data protection legislation and international recommendations, and in accordance with this statement.
I further inform you that the legal regime for the processing of personal data has changed as of 25 May 2018, as Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) will apply on a mandatory basis as of that date.
By using the online systems on this website, you, as a user (hereinafter referred to as “User”), accept the provisions of this privacy notice (hereinafter referred to as “Privacy Notice”).

I. Basic concepts
Personal data: any information relating to an identified or identifiable natural person (data subject) which can be associated with him or her, in particular the name, the identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and any inference relating to the data subject which can be drawn from the data.
Data file: the set of data processed in a register.
Data subject: a natural person identified or identifiable, directly or indirectly, on the basis of any information.
Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor.

Data protection: the set of technologies and organisational methods that enable the integrity, usability and confidentiality of the collected data assets.
Data Breach: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Processing: Any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, structuring, storage, adaptation or alteration, use, retrieval, disclosure, transmission, dissemination or otherwise making available to the public or otherwise making accessible, alignment or combination, restriction, erasure or destruction of data or prevention of their further use, taking of photographs, sound or image recordings, or any other physical characteristics which are capable of identifying a person (e.g. fingerprints, palm prints, DNA samples, iris scans).
Data controller: a natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which data are processed, takes and executes decisions regarding the processing (including the means used) or has them executed by a processor.

Transfer: making data available to a specified third party.

Erasure: rendering data unrecognisable in such a way that it is no longer possible to recover it.

Restriction of processing: the marking of stored personal data for the purpose of restricting their future processing.

Consent: a voluntary, explicit and unambiguous indication of the data subject’s wishes, based on specific and adequate information, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her, either in full or in relation to specific operations, by means of a statement or an act expressing his or her unambiguous consent. Consent shall be deemed to be given if the data subject, when consulting the website or when finalising a reservation, ticks a corresponding box or makes the relevant technical settings, or by any other statement or action which, in the context of the particular case, unambiguously indicates his or her consent to the intended processing of personal data.

Mandatory processing: where the processing is required by law or by a regulation of a local authority, in the scope and on the basis of the authorisation provided for by law, for a purpose which is in the public interest.

Disclosure: making the data available to any person.

Profiling: any form of automated processing of personal data in which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Name and contact details of the controller
Name of data controller: Zsuzsanna Greksa
Contact details of the Data Controller:
Address.
Phone number: +36307564409
E-mail address: parittyahaz@gmail.com
III. Purpose of data processing
The Controller processes the User’s personal data for the following purposes:
For the purpose of making a reservation in the Guest House, it is necessary to provide certain personal data, as detailed below.
For the purposes of issuing the advance and final invoices required by law.
For the purposes of communication relating to the reservation, arrival, stay in the Guest House, possible modifications, cancellations and refunds.

IV. Legal basis for processing
The Controller processes the User’s personal data on the following legal basis:
For the purpose set out in point III. a), Article 6(1)(b) GDPR, i.e. the performance of a contract to which the User, as data subject, is a party.
For the purpose of Article III. b), Article 6(1) c) GDPR, i.e. the fulfilment of a legal obligation on the controller, namely the obligation to issue a receipt or invoice.
For the purpose of point III. c), the data are processed on the basis of Article 6(1)(a) of the GDPR, in order to provide you with adequate information on the material circumstances of the contractual relationship.
Where processing is necessary for other purposes or on other legal bases than those mentioned above, the Data Controller shall inform the data subject individually, prior to the start of the processing, of all relevant information and of their rights in relation to the processing to be carried out.
V. Scope of the data processed
The use of the online areas of the website of the Data Controller (www.parittyahaz.hu) does not require a separate registration, but the following personal data are required for reservations and gift voucher requests:

Full name (first and last name),
Telephone number,
E-mail address,
Billing address.
VI. Duration of data processing
The processing of the data relating to the User’s telephone number starts from the time of sending the online reservation and ends when the User leaves the Guest House or when the payment obligation is fully met (whichever is later).
The data concerning the User’s name, e-mail address and billing address will be stored and processed for the period provided for by the Accounting Act, i.e. for eight years, after which the Data Controller will destroy them.
VII Data security
The Data Controller shall take all necessary steps to ensure the security of the personal data provided by the User, both in the network system and in the storage and retention of the data.
The systems operating through the Data Controller’s website are hosted by an external, secure hosting provider, to which the data managed on the hosting provider cannot be accessed. The Data Controller’s work processes are carried out on password and anti-virus protected computers.
VIII. Rights of the User and means of enforcement
The User has the right to receive feedback from the Data Controller as to whether his/her personal data are being processed and, if so, to be informed of the data processed and of any relevant information concerning the processing.

The User may request the Data Controller to correct inaccurate personal data concerning him/her without undue delay. Taking into account the purpose of the processing, he/she may request the integration of his/her personal data.
You may request the deletion of your personal data, except where the processing is necessary for compliance with the legal obligations of the Controller or for the establishment, exercise or defence of legal claims. The Data Controller shall delete personal data without undue delay where the processing is unlawful, incomplete or inaccurate, the purpose of the processing has ceased or the storage period has expired or has been ordered by a court or public authority, or where the deletion is necessary to comply with a legal obligation to which the Data Controller is subject.

Where the Controller processes personal data on the basis of the data subject’s consent, the data subject may withdraw that consent. If there is no other legal basis for the processing, the Controller shall erase the personal data concerned by the withdrawn consent.
The User shall have the right to obtain restriction of processing by the Controller at his/her request where
User contests the accuracy of the personal data – for the time necessary to verify the accuracy;
the processing is unlawful but the User objects to the erasure of the data and requests the restriction of use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of a legal claim; or
the data subject objects to the processing of his or her data on grounds of public interest or legitimate interest pursued by the Controller or a third party.
During the restriction period, the Controller shall not use the personal data for any purpose other than storage.
In case of exercise of the rights of the User, the Data Controller shall examine the request of the data subject, take the necessary measures and inform the data subject of the measures taken or the reasons for not taking them within one month of receipt of the request.

Legal enforcement:
The User may send his/her request for data processing to the Data Controller referred to in point I, at the address or e-mail address indicated therein.
In the event of a breach of his/her rights, the data subject may bring an action before the competent court at the address of the Data Controller or, at his/her option, at the competent court at his/her place of residence or, failing that, at the place of his/her domicile.
Furthermore, the User may lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet Fasor 22/c., hereinafter referred to as “NAIH”) and initiate an investigation on the grounds that a violation of rights has occurred or is imminent with regard to the processing of his/her personal data.